Strategy: Developing a Strategy for Enterprise Application Security

Brad Causey02/02/13

Developing a Strategy for Enterprise App Security

Visibility and processes: These are two of the most basic -- and important -- elements of enterprise technology management. Without both of these in place, most companies and, more importantly, the state of their application security would be in severe disarray. Visibility is simple to understand: If you cannot see it, you cannot address it. Processes often prove to be a little more challenging because you must have a good view into the technology, and a firm understanding of how that technology integrates into the business, before you can fully implement and then leverage processes.

When it comes to application security, enterprises face a host of challenges -- not the least of which is balancing technology with viability and process. There are many tools and strategies for securing individual applications, but applications range in number, size and type, so there is no one-size-fits-all solution. There is also no set-it-and-forget-it solution: The constant churn seen in enterprise applications requires constant assessment of their security posture. In this report, we will examine the best ways to build a security architecture that can protect a broad range of applications, the tools available to monitor and detect changes or flaws in operational applications, and the steps an enterprise should take when potential threats or attacks are discovered. (S6580213)